Allow less secure apps in Gmail

Allow less secure apps to access your Gmail account

Last updated on

Allowing Less Secure Apps

If you have to allow an application to access your Google account, you can disable this security block.

  1. Sign in to Gmail
  2. Click here to access Less Secure App Access in My Account.
  3. Next to “Allow less secure apps: OFF,” select the toggle switch to turn ON.
  4. Visit the Display Unlock Captcha page and click Continue to remove the security block.

The Allow less secure apps setting may not be available for:

  • Accounts with 2-Step Verification (2FA) enabled. If 2FA is already enabled on your account, you should create an application-specific password and use this password for your application. If you still can’t access your account with an app password, visit the Display Unlock Captcha page and click Continue to remove the security block.
  • G Suite users: This setting may not be available if your G Suite administrator has locked less secure app account access. Please read the G Suite section below or contact your G Suite administrator for help.

I still can’t log in..

If you still can’t log into your account through your application after changing the “Allow less secure apps” setting, consider enabling 2-Step Verification and creating an application-specific password.

If you cannot access your account using an app password, your application may not meet Google’s new security standards. For example, older versions of Outlook may no longer work with Google’s authentication system. Consider upgrading your application to the latest version and try logging in again.

G Suite Admins

G Suite Admins: Enabling less secure apps to access G Suite accounts

  1. Sign in to your Google Admin console (Sign in using an administrator account)
  2. Click Security > Less secure apps.
  3. Select Allow users to manage their access to less secure apps.
  4. Click Save.

    G-Suite Allow Less Secure Apps

  5. Once you’ve set Allow users to manage their access to less secure apps to on, affected G Suite users within the selected group or Organizational Unit will be able to toggle access for less secure apps on or off themselves. It may take a minute or so for the setting to take affect.
  6. Now log in as the G Suite user and visit https://myaccount.google.com/lesssecureapps to toggle Less Secure Apps access.

G Suite Admins: Important Security Changes Coming

Starting in June 2020, Google will limit the ability for less secure apps (LSAs) to access G Suite account data. This is most likely to impact users of legacy email, calendar, and contacts apps.

LSAs are non-Google apps that can access your Google account with only a username and password. They make your account more vulnerable to hijacking attempts. Instead of LSAs, you can use apps that support OAuth—a modern and secure access method.

Access to LSAs will be turned off in two stages:

  • After June 15, 2020 – Users who try to connect to an LSA for the first time will no longer be able to do so. This includes third-party apps that allow password-only access to Google calendars, contacts, and email via protocols such as CalDAV, CardDAV, IMAP, and Exchange ActiveSync (Google Sync). Users who have connected to LSAs prior to this date will be able to continue using them until usage of all LSAs is turned off.
  • After February 15, 2021 – Access to LSAs will be turned off for all G Suite accounts.

For more information, please read Google’s blog article: Turning off less secure app access to G Suite accounts

1 Star2 Stars3 Stars4 Stars5 Stars 4.33 (24 votes)

Let me know if this helped. Follow me on Twitter, Facebook and YouTube, or 🍊 buy me a smoothie.

p.s. I increased my AdSense revenue by 68% using AI 🤖. Read my Ezoic review to find out how.

20 replies

avatar
  Subscribe  
newest oldest
Notify of
John Mahoney
Guest
John Mahoney
John Mahoney
2 months ago

Can you confirm if application-specific passwords will still work after the June 2020 changes? Or does all third-party “less secure” apps have to implement some sort of oauth 2 feature, manage the refresh token, etc.? My thought is that they will work given you have to turn on 2-factor authentication… which eliminates the LSA option.

azhar
Guest
azhar
azhar
5 months ago

I was trying this a lot of time of configuring thunderbird portable. It kept giving me problem with username and password even after allowing less secure app. Finally i deleted the the thunderbird portable folder and reinstall it and configure it again (after allowing that option -less secure app). Now it works

Hussain A
Guest
Hussain A
Hussain A
5 months ago

If you don’t want to use 2factor auth, after Allowing less secure apps, you should also visit this before trying to access google account via third party: https://accounts.google.com/b/0/DisplayUnlockCaptcha

techwetrust
Guest
techwetrust
techwetrust
7 months ago

I had some issues with the security checks from Google. When you want to automate some tasks, manual verification can be a real headache. Thanks for the direct link to the Google Account option. Also, I have made a guide too with step by step images for turning on Less secure apps access.

Dr Jack Tan
Guest
Dr Jack Tan
Dr Jack Tan
7 months ago

I was having problems for 7 days on password between outlook 2013 and Gmail, and not able to receive or send. please help urgently. Thanks. Dr Jack Tan

Perichiappan L
Guest
Perichiappan L
Perichiappan L
8 months ago

Thanks. It saved me.

zakariyya ayub
Guest
zakariyya ayub
zakariyya ayub
10 months ago

i dont know why, but
its not working

mike
Guest
mike
mike
8 months ago

Supposedly it can take up to 24 hours for the setting to take effect. I found that when I changed the setting through Chrome on a Win 10 laptop it was just being ignored (was trying to restore Outlook access to a Gmail account that had been working fine for years and suddenly stopped because of this grossly stupid idea), but when I changed the setting via Android phone it took effect right away and I was able to reconnect Outlook on my laptop immediately.

Rex
Guest
Rex
Rex
11 months ago

After researching through various forums, KB articles, and working with Microsoft and Google support I was unable to complete a data migration from GMail to Outlook 365. THIS article resolved the issues I was dealing with. Wish I found it earlier… Thank you so much!

Luis Ramirez
Guest
Luis Ramirez
Luis Ramirez
1 year ago

Thanks

Don
Guest
Don
Don
1 year ago

This worked perfectly for me! Much easier than the directions provided by Google.

Many Thanks!

Tommy Polia
Guest
Tommy Polia
Tommy Polia
1 year ago

JULY 2018

IF THE ABOVE DOESNT MATCH THE OPTIONS YOU HAVE READ BELOW:

While signed in/logged in to your Google account (important obviously) Click on your round profile circle on the right side of your browser.
Click on the blue button that says “Google account”
Click on the word “Sign-in & security” (with a blue lock icon on the left of the title)
Scroll down ALL the way, the last option is a toggle that says “Allow less secure apps: OFF” Toggle this option.

Al Dunbar
Guest
Al Dunbar
Al Dunbar
3 years ago

I am developing a powershell script that will use the send-mailmessage cmdlet to send a newsletter to a series of email addresses. This makes it more personal to the recipient than bcc-ing it to a distribution list, and also allows for some customization (i.e. the script will be able to insert the recipient’s first and last name).

I will run this script only on my own windows 10 computer, and the only other “apps” that I will explicitly use there to logon to google/gmail are the chrome browser. So far the only way I have found to make this work is to enable less secure apps temporarily. My question is this: what might the impact be of leaving that setting in place? I understand the setting is in my google account, so would be open to anyone on any device using any app to connect. But if they knew my google password, they could already login and enable less secure apps anyway.

So can you explain to me the risks of leaving that setting in the “ON” state?